2012-03-18 05:20:24 +01:00
|
|
|
#!/usr/bin/perl
|
|
|
|
use strict;
|
|
|
|
use warnings;
|
|
|
|
|
2012-04-06 16:59:05 +02:00
|
|
|
use lib $ENV{GL_LIBDIR};
|
2012-03-18 05:20:24 +01:00
|
|
|
use Gitolite::Rc;
|
|
|
|
use Gitolite::Common;
|
|
|
|
use Gitolite::Conf::Load;
|
|
|
|
|
|
|
|
=for usage
|
|
|
|
Usage: ssh git@host perms -l <repo>
|
|
|
|
ssh git@host perms <repo> - <rolename> <username>
|
|
|
|
ssh git@host perms <repo> + <rolename> <username>
|
|
|
|
|
|
|
|
List or set permissions for user-created ("wild") repo. The first usage shown
|
|
|
|
will list the current contents of the permissions file. The other two will
|
|
|
|
change permissions, adding or removing a user from a role.
|
|
|
|
|
|
|
|
Examples:
|
|
|
|
ssh git@host perms foo + READERS user1
|
|
|
|
ssh git@host perms foo + READERS user2
|
|
|
|
ssh git@host perms foo + READERS user3
|
|
|
|
|
|
|
|
(Note: a legacy mode of piping in the entire permissions text directly is also
|
|
|
|
supported. If you want to use it, don't mix it with the new "+/-" modes).
|
|
|
|
=cut
|
|
|
|
|
|
|
|
usage() if not @ARGV or $ARGV[0] eq '-h';
|
|
|
|
|
|
|
|
my $list = 0;
|
|
|
|
if ( $ARGV[0] eq '-l' ) {
|
|
|
|
$list++;
|
|
|
|
shift;
|
|
|
|
getperms(@ARGV); # doesn't return
|
|
|
|
}
|
|
|
|
|
POST_CREATE efficiency... (please read below if you care)
The POST_CREATE trigger is called when
* a user creates a new "wild" repo,
* a user uses the "perms" command, and
* a user uses the "fork" command.
The trigger calls 3 programs (see rc file):
post-compile/update-git-configs
post-compile/update-gitweb-access-list
post-compile/update-git-daemon-access-list
(They are also called by the POST_COMPILE trigger, by the way.)
However, the 3 programs shown are a bit wasteful -- they run through
*all* the repos when really only *one* repo has been affected.
This patch
* passes the repo name to the 3 programs (duh!)
* adds the optimisation to the first of the 3 programs listed above
(the one dealing with 'git config').
For the other two programs (gitweb and git-daemon), you have 3 choices:
* if you don't have too many repos, ignore the problem.
* take out the 2nd and 3rd lines from the POST_CREATE list in the rc
file, so they don't run.
Then run 'gitolite trigger POST_COMPILE' from cron at regular
intervals. (Note that is POST_COMPILE not POST_CREATE!) However,
this means that gitweb and daemon permissions won't be current
immediately after someone adds a new repo or sets perms etc.; they
get updated only on the next cron run.
* patch the programs to add this optimisation (and send me the
patches). The optimisation would check if arg-1 ($1 in shell,
$ARGV[0] in perl) is 'POST_CREATE', and if it is, take the *next*
argument as a repo name that may have changed.
2012-04-22 17:55:54 +02:00
|
|
|
my $repo = shift;
|
2012-03-18 05:20:24 +01:00
|
|
|
setperms(@ARGV);
|
POST_CREATE efficiency... (please read below if you care)
The POST_CREATE trigger is called when
* a user creates a new "wild" repo,
* a user uses the "perms" command, and
* a user uses the "fork" command.
The trigger calls 3 programs (see rc file):
post-compile/update-git-configs
post-compile/update-gitweb-access-list
post-compile/update-git-daemon-access-list
(They are also called by the POST_COMPILE trigger, by the way.)
However, the 3 programs shown are a bit wasteful -- they run through
*all* the repos when really only *one* repo has been affected.
This patch
* passes the repo name to the 3 programs (duh!)
* adds the optimisation to the first of the 3 programs listed above
(the one dealing with 'git config').
For the other two programs (gitweb and git-daemon), you have 3 choices:
* if you don't have too many repos, ignore the problem.
* take out the 2nd and 3rd lines from the POST_CREATE list in the rc
file, so they don't run.
Then run 'gitolite trigger POST_COMPILE' from cron at regular
intervals. (Note that is POST_COMPILE not POST_CREATE!) However,
this means that gitweb and daemon permissions won't be current
immediately after someone adds a new repo or sets perms etc.; they
get updated only on the next cron run.
* patch the programs to add this optimisation (and send me the
patches). The optimisation would check if arg-1 ($1 in shell,
$ARGV[0] in perl) is 'POST_CREATE', and if it is, take the *next*
argument as a repo name that may have changed.
2012-04-22 17:55:54 +02:00
|
|
|
_system( "gitolite", "trigger", "POST_CREATE", $repo, $ENV{GL_USER} );
|
2012-03-18 05:20:24 +01:00
|
|
|
|
|
|
|
# ----------------------------------------------------------------------
|
|
|
|
|
|
|
|
sub getperms {
|
|
|
|
my $repo = shift;
|
2012-03-20 05:48:02 +01:00
|
|
|
_die "sorry you are not authorised" if repo_missing($repo) or creator($repo) ne $ENV{GL_USER};
|
2012-03-18 05:20:24 +01:00
|
|
|
my $pf = "$rc{GL_REPO_BASE}/$repo.git/gl-perms";
|
|
|
|
|
|
|
|
print slurp($pf) if -f $pf;
|
|
|
|
|
|
|
|
exit 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
sub setperms {
|
2012-03-20 05:48:02 +01:00
|
|
|
_die "sorry you are not authorised" if repo_missing($repo) or creator($repo) ne $ENV{GL_USER};
|
2012-03-18 05:20:24 +01:00
|
|
|
my $pf = "$rc{GL_REPO_BASE}/$repo.git/gl-perms";
|
|
|
|
|
|
|
|
if ( not @_ ) {
|
|
|
|
# legacy mode; pipe data in
|
|
|
|
@ARGV = ();
|
2012-03-20 05:48:02 +01:00
|
|
|
my @a;
|
|
|
|
for (<>) {
|
|
|
|
_die "Invalid role '$1'; check the rc file" if /(\S+)/ and not $rc{ROLES}{$1};
|
|
|
|
push @a, $_;
|
|
|
|
}
|
|
|
|
_print( $pf, @a );
|
2012-03-21 08:53:32 +01:00
|
|
|
return;
|
2012-03-18 05:20:24 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
_die "Invalid syntax. Please re-run with '-h' for detailed usage" if @_ != 3;
|
|
|
|
my ( $op, $role, $user ) = @_;
|
|
|
|
_die "Invalid syntax. Please re-run with '-h' for detailed usage" if $op ne '+' and $op ne '-';
|
|
|
|
_die "Invalid role '$role'; check the rc file" if not $rc{ROLES}{$role};
|
2012-03-21 05:04:39 +01:00
|
|
|
_die "Invalid user '$user'" if not $user =~ $USERNAME_PATT;
|
2012-03-18 05:20:24 +01:00
|
|
|
|
|
|
|
my $text = '';
|
|
|
|
my @text = slurp($pf) if -f $pf;
|
|
|
|
|
|
|
|
my $present = grep { $_ eq "$role $user\n" } @text;
|
|
|
|
|
|
|
|
if ( $op eq '-' ) {
|
|
|
|
if ( not $present ) {
|
|
|
|
_warn "'$role $user' was not present in file";
|
|
|
|
} else {
|
|
|
|
@text = grep { $_ ne "$role $user\n" } @text;
|
|
|
|
_print( $pf, @text );
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if ($present) {
|
|
|
|
_warn "'$role $user' already present in file";
|
|
|
|
} else {
|
|
|
|
push @text, "$role $user\n";
|
|
|
|
@text = sort @text;
|
|
|
|
_print( $pf, @text );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|